Lewis Perez

Security Journal

Learning journey through the AI Protector Workshop - documenting each LMS mini project, implementation details, and lessons learned from securing AI-powered applications.

2 Completed1 In Progress7 Upcoming

Current Progress

Week 1completed
Protector Mindset & Secure Development Environment
Objectives
  • Understand the AI Protector role within the changing-roles framework
  • Set up secure local development with Node.js, Git, VS Code, Copilot, and Claude Desktop
  • Document environment hardening steps including extensions, policies, and secrets management
  • Connect to existing MCP servers (Rolldice, Bootcamp Agent, Calendar Booking) and evaluate security baselines
  • Collect Australian security case studies and LMS security journey insights for contextual awareness
Lessons Learned
  • Security must be considered from the very first commit, not as an afterthought
  • Development environment security is foundational - compromised dev tools can lead to supply chain attacks
  • MCP servers introduce new attack surfaces that require specific security assessments
  • Australian data residency and privacy regulations (Privacy Act 1988) have specific implications for AI systems
  • Claude Desktop and VS Code Copilot have different security and privacy models that must be understood
Key Takeaways
  • Shift-left security starts with securing the development environment itself
  • Every MCP server connection should be evaluated for data handling, privacy, and security risks
  • Understanding local case studies helps contextualize threats relevant to Australian organizations
Challenges
  • Balancing developer productivity with security constraints
  • Understanding the full scope of data that MCP servers can access
  • Identifying which security controls are appropriate for different development scenarios
Week 2in progress
Cyber Security Bootcamp Integration & Digital Portfolio Foundation
Objectives
  • Integrate LMS video content from Cyber Security Bootcamp into learning journey
  • Establish baseline security posture for digital portfolio application
  • Review OWASP Top 10 in the context of AI-powered web applications
  • Implement initial authentication and authorization patterns
  • Document security decisions and rationale for portfolio foundation
Lessons Learned
  • Traditional web security principles (OWASP Top 10) still apply but need AI-specific adaptations
  • Authentication for AI-powered applications requires considering both human and agent access patterns with Clerk.js
  • Digital portfolios can be high-value targets due to professional information and contact details
  • LMS integration provides structured learning path aligned with hands-on implementation
  • Security documentation from day one creates an audit trail and learning reference
  • Next.js 15 App Router provides enhanced security patterns with Server Components as secure-by-default
  • Vercel Analytics and Speed Insights integration adds performance monitoring without compromising security
Key Takeaways
  • Foundation security decisions have cascading effects throughout the application lifecycle
  • Combining theoretical LMS content with practical implementation reinforces learning
  • Security patterns for Next.js applications differ from traditional server-rendered apps
  • ClerkProvider setup in root layout enables role-based access control (RBAC) for admin routes
  • Resource hints and DNS prefetching improve performance while maintaining security boundaries
Challenges
  • Determining appropriate security level for a public portfolio vs. enterprise application
  • Integrating multiple authentication providers (Clerk, OAuth) cohesively
  • Balancing public accessibility with protection of sensitive admin functions
Week 3completed
Secure the My Digital Portfolio Application
Objectives
  • Implement comprehensive security controls for Next.js portfolio application
  • Configure Clerk authentication with role-based access control (RBAC)
  • Secure API routes with proper authentication and rate limiting
  • Implement Content Security Policy (CSP) and other security headers
  • Secure database operations and prevent common injection attacks
  • Set up environment variable management and secrets handling
Lessons Learned
  • ✅ IMPLEMENTED: Edge middleware with Clerk authentication enforces RBAC at runtime='experimental-edge'
  • ✅ IMPLEMENTED: Arcjet SDK provides shield (XSS/SQL injection), bot detection, and token bucket rate limiting (20 tokens/10s, capacity 50)
  • ✅ IMPLEMENTED: PostgreSQL with pg-vector extension using parameterized queries prevents SQL injection
  • ✅ IMPLEMENTED: Clerk's publicMetadata.role='admin' enables flexible RBAC without custom auth tables
  • ✅ IMPLEMENTED: Environment variables managed securely (DATABASE_URL, ARCJET_KEY, CLERK secrets) with .env.local
  • ✅ IMPLEMENTED: Route matcher pattern protects /admin routes while allowing public access to /admin/sign-in
  • ✅ IMPLEMENTED: Custom error handling provides user-friendly messages without leaking system details
  • ✅ IMPLEMENTED: Connection pooling (max: 20 connections) with automatic client release prevents resource exhaustion
  • Cache-Control headers set for public API routes: 'public, s-maxage=300, stale-while-revalidate=600'
  • Performance optimization: DNS prefetching for api.openai.com, vercel.live, clerk.com reduces latency
Key Takeaways
  • Defense in depth achieved: Arcjet (application layer) + Clerk (authentication) + PostgreSQL (data layer) + Middleware (edge)
  • Edge middleware with experimental-edge runtime provides global security enforcement with minimal latency
  • Graceful degradation: Arcjet returns mock decision when not configured, enabling development without all keys
  • Security monitoring via Vercel Analytics, Toaster notifications (sonner), and database health checks
  • Suspense boundaries prevent security-sensitive content from streaming before auth checks complete
Challenges
  • ✅ SOLVED: CSP compatibility with Next.js - using Tailwind with custom properties and system theme detection
  • ✅ SOLVED: Rate limiting balance - Arcjet token bucket with refillRate: 20 allows normal usage while blocking abuse
  • ✅ SOLVED: Secret management - Vercel environment variables with separate dev/staging/production contexts
  • ✅ SOLVED: Admin route protection - createRouteMatcher with isAdminRoute and isPublicRoute patterns
  • ONGOING: Performance vs security tradeoff - monitoring s-maxage cache effectiveness with Speed Insights

Upcoming Weeks

Week 4in progress
Layered Defenses: WAF, Arcjet, and Vercel Firewall
Objectives
  • Configure Vercel Firewall for edge protection
  • Integrate Arcjet SDK for AI-aware rate limiting and bot protection
  • Implement Web Application Firewall (WAF) rules
  • Set up DDoS protection and monitoring
  • Test and tune firewall rules with real traffic patterns
Lessons Learned
  • ✅ IMPLEMENTED: Arcjet shield in 'LIVE' mode blocks SQL injection and XSS attacks at application layer
  • ✅ IMPLEMENTED: Bot detection allows SEARCH_ENGINE, MONITOR, and PREVIEW categories while blocking malicious bots
  • ✅ IMPLEMENTED: Token bucket rate limiting with characteristics=['ip.src'] prevents per-IP abuse
  • ✅ IMPLEMENTED: checkArcjetProtection() helper function used across /api/mcp and /api/contact routes
  • Vercel Firewall provides edge-level DDoS protection and geographic filtering (regions: ['pdx1'])
  • Multi-layer defense: Vercel Edge → Arcjet Application → Clerk Auth → Database validates defense-in-depth principle
Key Takeaways
  • Arcjet's 'DRY_RUN' mode enables testing rules before enforcement in production
  • Bot detection must balance security (blocking scrapers) with functionality (allowing search engines)
  • Rate limit tuning requires analytics: 20 tokens/10s allows ~120 requests/minute per IP
  • Graceful degradation with mock decisions ensures development continues without all API keys
Challenges
  • Tuning rate limits to prevent false positives for power users while blocking abuse
  • Determining appropriate bot allow-list categories for SEO vs security tradeoff
  • Testing firewall rules without blocking legitimate traffic during deployment
Week 5planned
Kali Linux Penetration Testing Sprint
Objectives
  • Set up Kali Linux environment for security testing
  • Perform reconnaissance and vulnerability scanning with nmap, nikto, and dirb
  • Test rate limits with automated tools (Apache Bench, siege)
  • Attempt SQL injection against hardened database endpoints using sqlmap
  • Test XSS protection with XSS Hunter and manual payload injection
  • Attempt authentication bypass and session hijacking attacks
  • Document findings in professional penetration testing report format
Challenges
  • Establishing legal and ethical boundaries for penetration testing on live production site
  • Distinguishing between legitimate security testing and actual attacks in logs
  • Documenting remediation steps without exposing vulnerabilities publicly
Week 6in progress
Prerequisites for Agent Security Advanced
Objectives
  • Review OAuth 2.1 and OpenID Connect specifications
  • Understand MCP authentication requirements and security model
  • Prepare environment for secure MCP server development
  • Study mcp-auth-demo reference implementation
  • Analyze existing MCP tools in portfolio for security gaps
Lessons Learned
  • ✅ IMPLEMENTED: MCP server with 15+ tools providing professional data access (get_experiences, lookup_skills, query_projects)
  • ✅ IMPLEMENTED: MCP tools use semantic search with vector embeddings for intelligent content retrieval
  • ✅ IMPLEMENTED: Arcjet protection applied to /api/mcp endpoint prevents abuse of MCP tools
  • MCP protocol enables Claude Desktop, ChatGPT Developer Mode, and VS Code Copilot to access portfolio data
  • Current MCP implementation lacks OAuth - tools are protected by Arcjet rate limiting only
  • Model Context Protocol standardizes how AI agents access external data sources and APIs
  • Vector search with pg-vector (1536-dimensional embeddings) powers semantic search across professional content
Key Takeaways
  • MCP security requires authentication, authorization, and audit logging for production deployment
  • Current MCP tools demonstrate capability but need OAuth 2.1 upgrade for enterprise security
  • Semantic search via vector embeddings enables natural language queries across professional content
  • MCP integration in portfolio showcases cutting-edge AI agent communication standards
Challenges
  • Balancing open access for portfolio visitors with secure API access for MCP clients
  • Implementing OAuth 2.1 without breaking existing Claude Desktop integration
  • Determining appropriate scopes and permissions for different MCP tool categories
Week 7planned
Agent Security Advanced Phase 1 & MCP Auth Demo
Objectives
  • Implement OAuth 2.1 authentication for MCP servers
  • Integrate mcp-auth-demo patterns into existing MCP implementation
  • Create authorization server for MCP client authentication
  • Secure MCP server endpoints with token validation
  • Test authentication flows with Claude Desktop and other MCP clients
  • Implement scope-based access control for different MCP tools
Challenges
  • Maintaining backward compatibility with existing non-authenticated MCP clients
  • Implementing token refresh flows for long-running AI agent sessions
  • Debugging OAuth flows across multiple MCP client platforms
Week 8planned
Agent Security Advanced Phase 2 & Production Hardening
Objectives
  • Complete Agent Security Advanced curriculum
  • Implement production security hardening
  • Set up monitoring and alerting
  • Create incident response procedures
Week 9planned
Portfolio Integration & Security Reporting
Objectives
  • Integrate security features into portfolio showcase
  • Create executive security reports
  • Document security architecture and decisions
  • Prepare compliance documentation
Week 10planned
Final Presentation & Protector Launch Plan
Objectives
  • Complete final portfolio presentation
  • Deliver security playbooks and runbooks
  • Present executive briefing
  • Launch as AI Protector specialist
Implemented Security Features in This Portfolio
Real-world security implementations demonstrating AI Protector concepts

Authentication & Authorization

  • Clerk.js Integration: Enterprise authentication with RBAC using publicMetadata.role
  • Edge Middleware: clerkMiddleware with experimental-edge runtime for global auth enforcement
  • Route Protection: createRouteMatcher pattern protects /admin/* routes dynamically

Application Security (Arcjet)

  • Shield Protection: LIVE mode blocks SQL injection, XSS, and common web attacks
  • Bot Detection: Allows search engines/monitors while blocking malicious bots
  • Rate Limiting: Token bucket (20/10s refill, 50 capacity) per IP address

Database Security

  • PostgreSQL + pg-vector: Parameterized queries prevent SQL injection
  • Connection Pooling: Max 20 connections, 30s idle timeout, automatic release
  • Transaction Safety: BEGIN/COMMIT/ROLLBACK with automatic error handling

MCP Security & AI Integration

  • MCP Protocol: Standardized AI agent access with 15+ professional data tools
  • Arcjet on /api/mcp: Rate limiting and shield protection for MCP endpoints
  • OAuth 2.1 (Planned): Week 7-8 implementation for enterprise MCP security

Monitoring & Performance

  • Vercel Analytics: Real-time traffic monitoring and performance metrics
  • Speed Insights: Core Web Vitals tracking for performance optimization
  • Health Checks: Database connectivity monitoring with response time alerts

Deployment Security

  • Environment Isolation: Separate dev/staging/production secrets management
  • Vercel Edge Network: Global CDN with DDoS protection (region: pdx1)
  • SSL/TLS: Automatic HTTPS with production SSL certificate on custom domain

🎯 Security Metrics Summary

Rate Limit
20 req/10s
DB Pool
20 max conn
Cache TTL
300s + SWR
Edge Runtime
<50ms global
Overall Learning Insights
Key themes emerging from the AI Protector journey

🛡️ Security as a Mindset

The AI Protector role is not just about implementing security controls, but about developing a security-first mindset that questions assumptions, considers threat models, and evaluates risks at every stage of development. This portfolio demonstrates security integrated from the first commit.

🔐 Layered Defense Strategy (Defense in Depth)

No single security control is sufficient. This project implements defense in depth with multiple overlapping controls:

  • Edge Layer: Vercel Firewall with DDoS protection and geographic filtering
  • Application Layer: Arcjet SDK with shield (XSS/SQL injection), bot detection, and rate limiting
  • Authentication Layer: Clerk.js with RBAC enforced via edge middleware
  • Data Layer: PostgreSQL with parameterized queries, connection pooling, and transaction safety
  • Monitoring Layer: Vercel Analytics, Speed Insights, and custom health checks

🎯 Context-Aware Security

Security requirements vary based on context. This portfolio balances public accessibility (portfolio sections) with protected resources (admin dashboard, MCP tools). Route-based middleware enables granular security policies matching the sensitivity of each endpoint.

📊 Implemented Security Metrics

Real-world security measurements from this production portfolio:

  • Rate Limiting: Token bucket with 20 tokens/10s refill, 50 capacity per IP
  • Database Performance: Connection pool max 20, 30s idle timeout, 10s connection timeout
  • Cache Strategy: Public API routes with s-maxage=300, stale-while-revalidate=600
  • Edge Runtime: experimental-edge for global middleware execution <50ms
  • Vector Search: 1536-dimensional embeddings with cosine similarity for semantic security

📚 Documentation as Security Asset

Comprehensive documentation of security decisions, configurations, and rationale creates an audit trail, facilitates compliance, and serves as a learning resource. This security journal itself demonstrates the practice of documenting security implementations with specific metrics, lessons learned, and challenges overcome.

🚀 Production-Ready Security Stack

This portfolio showcases enterprise-grade security patterns suitable for production AI applications:

  • ✅ Authentication & RBAC with Clerk (admin role in publicMetadata)
  • ✅ Edge middleware with route-based protection (experimental-edge runtime)
  • ✅ Application firewall with Arcjet (shield, bot detection, rate limiting)
  • ✅ Secure database operations (parameterized queries, connection pooling, transactions)
  • ✅ Environment variable management (separation of dev/staging/production)
  • ✅ MCP protocol integration with security controls (Arcjet on /api/mcp)
  • ✅ Performance monitoring (Vercel Analytics, Speed Insights, database health checks)
  • 🔄 OAuth 2.1 for MCP servers (planned Week 7-8 implementation)